[3.0] bind: multiple issues (CVE-2015-8704, CVE-2015-8705)
CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c
CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.
Versions affected:
9.3.09.8.8,
9.9.0>9.9.8-P2, 9.9.3-S19.9.8-S3, 9.10.0>9.10.3-P2
Solution:
Upgrade to the patched release most closely related to your current version of BIND.
BIND 9 version 9.9.8-P3
BIND 9 version 9.10.3-P3
References:
https://kb.isc.org/article/AA-01335
https://kb.isc.org/article/AA-01336
https://marc.info/?l=oss-security&m=145324023200962&w=2
(from redmine: issue id 5037, created on 2016-01-21, closed on 2016-01-29)
- Relations:
- parent #5033 (closed)
- Changesets:
- Revision efcb126b on 2016-01-27T13:15:37Z:
main/bind: security upgrade to 9.10.3_p3 (CVE-2015-8704,CVE-2015-8705). Fixes #5037
(cherry picked from commit 1cff01908c342a676deca5a1d7261020c6241d2d)